diff options
Diffstat (limited to 'src/methods')
-rw-r--r-- | src/methods/cipher_test/cipher_test.c | 80 | ||||
-rw-r--r-- | src/methods/composed_gmac/composed_gmac.c | 138 | ||||
-rw-r--r-- | src/methods/generic_gcm/generic_gcm.c | 102 | ||||
-rw-r--r-- | src/methods/generic_gmac/generic_gmac.c | 99 | ||||
-rw-r--r-- | src/methods/generic_poly1305/generic_poly1305.c | 77 | ||||
-rw-r--r-- | src/methods/methods.c.in | 12 | ||||
-rw-r--r-- | src/methods/null/null.c | 21 | ||||
-rw-r--r-- | src/methods/xsalsa20_poly1305/xsalsa20_poly1305.c | 20 |
8 files changed, 255 insertions, 294 deletions
diff --git a/src/methods/cipher_test/cipher_test.c b/src/methods/cipher_test/cipher_test.c index 067835e..fcf58e6 100644 --- a/src/methods/cipher_test/cipher_test.c +++ b/src/methods/cipher_test/cipher_test.c @@ -25,21 +25,27 @@ #include "../../crypto.h" +#include "../../method.h" #include "../common.h" +struct fastd_method_context { + const fastd_cipher_info_t *cipher_info; +}; + struct fastd_method_session_state { fastd_method_common_t common; - const fastd_cipher_info_t *cipher_info; + const fastd_method_context_t *ctx; const fastd_cipher_t *cipher; fastd_cipher_state_t *cipher_state; }; -static bool cipher_get(fastd_context_t *ctx, const char *name, const fastd_cipher_info_t **info, const fastd_cipher_t **cipher) { - size_t len = strlen(name); +static bool method_create_by_name(const char *name, fastd_method_context_t **method_ctx) { + fastd_method_context_t ctx; + size_t len = strlen(name); if (len < 12) return false; @@ -50,46 +56,30 @@ static bool cipher_get(fastd_context_t *ctx, const char *name, const fastd_ciphe memcpy(cipher_name, name, len-12); cipher_name[len-12] = 0; - const fastd_cipher_info_t *cipher_info = NULL; - - if (ctx) { - *cipher = fastd_cipher_get_by_name(ctx, cipher_name, &cipher_info); - if (!*cipher) - return false; - } - else { - cipher_info = fastd_cipher_info_get_by_name(cipher_name); - if (!cipher_info) - return false; - } + ctx.cipher_info = fastd_cipher_info_get_by_name(cipher_name); + if (!ctx.cipher_info) + return false; - if (info) - *info = cipher_info; + *method_ctx = malloc(sizeof(fastd_method_context_t)); + **method_ctx = ctx; return true; } - -static bool method_provides(const char *name) { - return cipher_get(NULL, name, NULL, NULL); +static void method_destroy(fastd_method_context_t *method_ctx) { + free(method_ctx); } -static size_t method_key_length(fastd_context_t *ctx, const char *name) { - const fastd_cipher_info_t *info; - if (!cipher_get(NULL, name, &info, NULL)) - exit_bug(ctx, "cipher-test: can't get cipher key length"); - - return info->key_length; +static size_t method_key_length(fastd_context_t *ctx UNUSED, const fastd_method_context_t *method_ctx) { + return method_ctx->cipher_info->key_length; } -static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx, const char *name, const uint8_t *secret, bool initiator) { +static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx, const fastd_method_context_t *method_ctx, const uint8_t *secret, bool initiator) { fastd_method_session_state_t *session = malloc(sizeof(fastd_method_session_state_t)); fastd_method_common_init(ctx, &session->common, initiator); - - if (!cipher_get(ctx, name, &session->cipher_info, &session->cipher)) - exit_bug(ctx, "cipher-test: can't instanciate cipher"); - + session->ctx = method_ctx; + session->cipher = fastd_cipher_get(ctx, session->ctx->cipher_info); session->cipher_state = session->cipher->init(ctx, secret); pr_warn(ctx, "using cipher-test method; this method must be used for testing and benchmarks only"); @@ -127,11 +117,12 @@ static bool method_encrypt(fastd_context_t *ctx, fastd_peer_t *peer UNUSED, fast if (tail_len) memset(in.data+in.len, 0, tail_len); - uint8_t nonce[session->cipher_info->iv_length]; - if (session->cipher_info->iv_length) { - memset(nonce, 0, session->cipher_info->iv_length); - memcpy(nonce, session->common.send_nonce, min_size_t(COMMON_NONCEBYTES, session->cipher_info->iv_length)); - nonce[session->cipher_info->iv_length-1] = 1; + size_t iv_length = session->ctx->cipher_info->iv_length; + uint8_t nonce[iv_length]; + if (iv_length) { + memset(nonce, 0, iv_length); + memcpy(nonce, session->common.send_nonce, min_size_t(COMMON_NONCEBYTES, iv_length)); + nonce[iv_length-1] = 1; } int n_blocks = block_count(in.len, sizeof(fastd_block128_t)); @@ -170,11 +161,12 @@ static bool method_decrypt(fastd_context_t *ctx, fastd_peer_t *peer, fastd_metho if (common_nonce[COMMON_NONCEBYTES]) /* flags */ return false; - uint8_t nonce[session->cipher_info->iv_length]; - if (session->cipher_info->iv_length) { - memset(nonce, 0, session->cipher_info->iv_length); - memcpy(nonce, common_nonce, min_size_t(COMMON_NONCEBYTES, session->cipher_info->iv_length)); - nonce[session->cipher_info->iv_length-1] = 1; + size_t iv_length = session->ctx->cipher_info->iv_length; + uint8_t nonce[iv_length]; + if (iv_length) { + memset(nonce, 0, iv_length); + memcpy(nonce, common_nonce, min_size_t(COMMON_NONCEBYTES, iv_length)); + nonce[iv_length-1] = 1; } int64_t age; @@ -209,15 +201,17 @@ static bool method_decrypt(fastd_context_t *ctx, fastd_peer_t *peer, fastd_metho } const fastd_method_t fastd_method_cipher_test = { - .provides = method_provides, - .max_overhead = COMMON_HEADBYTES, .min_encrypt_head_space = 0, .min_decrypt_head_space = 0, .min_encrypt_tail_space = sizeof(fastd_block128_t)-1, .min_decrypt_tail_space = sizeof(fastd_block128_t)-1, + .create_by_name = method_create_by_name, + .destroy = method_destroy, + .key_length = method_key_length, + .session_init = method_session_init, .session_is_valid = method_session_is_valid, .session_is_initiator = method_session_is_initiator, diff --git a/src/methods/composed_gmac/composed_gmac.c b/src/methods/composed_gmac/composed_gmac.c index 0705b7d..d1627ee 100644 --- a/src/methods/composed_gmac/composed_gmac.c +++ b/src/methods/composed_gmac/composed_gmac.c @@ -25,36 +25,43 @@ #include "../../crypto.h" +#include "../../method.h" #include "../common.h" static const fastd_block128_t ZERO_BLOCK = {}; + +struct fastd_method_context { + const fastd_cipher_info_t *cipher_info; + const fastd_cipher_info_t *gmac_cipher_info; + const fastd_mac_info_t *ghash_info; +}; + struct fastd_method_session_state { fastd_method_common_t common; - const fastd_cipher_info_t *cipher_info; + const fastd_method_context_t *ctx; + const fastd_cipher_t *cipher; fastd_cipher_state_t *cipher_state; - const fastd_cipher_info_t *gmac_cipher_info; const fastd_cipher_t *gmac_cipher; fastd_cipher_state_t *gmac_cipher_state; - const fastd_mac_info_t *ghash_info; const fastd_mac_t *ghash; fastd_mac_state_t *ghash_state; }; -static bool cipher_get(fastd_context_t *ctx, const char *name, - const fastd_cipher_info_t **cipher_info, const fastd_cipher_t **cipher, - const fastd_cipher_info_t **gmac_cipher_info, const fastd_cipher_t **gmac_cipher) { - if (!fastd_mac_info_get_by_name("ghash")) +static bool method_create_by_name(const char *name, fastd_method_context_t **method_ctx) { + fastd_method_context_t ctx; + + ctx.ghash_info = fastd_mac_info_get_by_name("ghash"); + if (!ctx.ghash_info) return false; size_t len = strlen(name); - if (len < 5) return false; @@ -73,76 +80,52 @@ static bool cipher_get(fastd_context_t *ctx, const char *name, *gmac_cipher_name = 0; gmac_cipher_name++; - const fastd_cipher_info_t *info = NULL; - const fastd_cipher_info_t *gmac_info = NULL; - - if (ctx) { - *cipher = fastd_cipher_get_by_name(ctx, cipher_name, &info); - *gmac_cipher = fastd_cipher_get_by_name(ctx, gmac_cipher_name, &gmac_info); - if (!(*cipher && *gmac_cipher)) - return false; - } - else { - info = fastd_cipher_info_get_by_name(cipher_name); - gmac_info = fastd_cipher_info_get_by_name(gmac_cipher_name); - if (!(info && gmac_info)) - return false; - } - - if (cipher_info) - *cipher_info = info; - - if (gmac_cipher_info) - *gmac_cipher_info = gmac_info; - - return true; -} - + ctx.cipher_info = fastd_cipher_info_get_by_name(cipher_name); + if (!ctx.cipher_info) + return false; -static bool method_provides(const char *name) { - const fastd_cipher_info_t *gmac_cipher_info; + if (ctx.cipher_info->iv_length && ctx.cipher_info->iv_length <= COMMON_NONCEBYTES) + return false; - if (!cipher_get(NULL, name, NULL, NULL, &gmac_cipher_info, NULL)) + ctx.gmac_cipher_info = fastd_cipher_info_get_by_name(gmac_cipher_name); + if (!ctx.gmac_cipher_info) return false; - if (gmac_cipher_info->iv_length <= COMMON_NONCEBYTES) + if (ctx.gmac_cipher_info->iv_length <= COMMON_NONCEBYTES) return false; + *method_ctx = malloc(sizeof(fastd_method_context_t)); + **method_ctx = ctx; + return true; } -static size_t method_key_length(fastd_context_t *ctx, const char *name) { - const fastd_cipher_info_t *cipher_info; - const fastd_cipher_info_t *gmac_cipher_info; +static void method_destroy(fastd_method_context_t *method_ctx) { + free(method_ctx); +} - if (!cipher_get(NULL, name, &cipher_info, NULL, &gmac_cipher_info, NULL)) - exit_bug(ctx, "composed-gmac: can't get cipher key length"); - return cipher_info->key_length + gmac_cipher_info->key_length; +static size_t method_key_length(fastd_context_t *ctx UNUSED, const fastd_method_context_t *method_ctx) { + return method_ctx->cipher_info->key_length + method_ctx->gmac_cipher_info->key_length; } -static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx, const char *name, const uint8_t *secret, bool initiator) { +static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx, const fastd_method_context_t *method_ctx, const uint8_t *secret, bool initiator) { fastd_method_session_state_t *session = malloc(sizeof(fastd_method_session_state_t)); fastd_method_common_init(ctx, &session->common, initiator); + session->ctx = method_ctx; - if (!cipher_get(ctx, name, - &session->cipher_info, &session->cipher, - &session->gmac_cipher_info, &session->gmac_cipher)) - exit_bug(ctx, "composed-gmac: can't instanciate cipher"); - + session->cipher = fastd_cipher_get(ctx, session->ctx->cipher_info); session->cipher_state = session->cipher->init(ctx, secret); - if (session->cipher_info->iv_length && session->cipher_info->iv_length <= COMMON_NONCEBYTES) - exit_bug(ctx, "composed-gmac: iv_length to small"); - session->gmac_cipher_state = session->gmac_cipher->init(ctx, secret + session->cipher_info->key_length); - if (session->gmac_cipher_info->iv_length <= COMMON_NONCEBYTES) - exit_bug(ctx, "composed-gmac: GMAC cipher iv_length to small"); + session->gmac_cipher = fastd_cipher_get(ctx, session->ctx->gmac_cipher_info); + session->gmac_cipher_state = session->gmac_cipher->init(ctx, secret + session->ctx->cipher_info->key_length); fastd_block128_t H; - uint8_t zeroiv[session->gmac_cipher_info->iv_length]; - memset(zeroiv, 0, session->gmac_cipher_info->iv_length); + size_t gmac_iv_length = session->ctx->gmac_cipher_info->iv_length; + uint8_t zeroiv[gmac_iv_length]; + memset(zeroiv, 0, gmac_iv_length); if (!session->gmac_cipher->crypt(ctx, session->gmac_cipher_state, &H, &ZERO_BLOCK, sizeof(fastd_block128_t), zeroiv)) { session->cipher->free(ctx, session->cipher_state); @@ -152,10 +135,7 @@ static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx, c return NULL; } - session->ghash = fastd_mac_get_by_name(ctx, "ghash", &session->ghash_info); - if (!session->ghash) - exit_bug(ctx, "composed-gmac: can't instanciate ghash mac"); - + session->ghash = fastd_mac_get(ctx, session->ctx->ghash_info); session->ghash_state = session->ghash->init(ctx, H.b); return session; @@ -209,19 +189,21 @@ static bool method_encrypt(fastd_context_t *ctx, fastd_peer_t *peer UNUSED, fast fastd_block128_t *outblocks = out->data; fastd_block128_t sig; - uint8_t gmac_nonce[session->gmac_cipher_info->iv_length]; - memset(gmac_nonce, 0, session->gmac_cipher_info->iv_length); + size_t gmac_iv_length = session->ctx->gmac_cipher_info->iv_length; + uint8_t gmac_nonce[gmac_iv_length]; + memset(gmac_nonce, 0, gmac_iv_length); memcpy(gmac_nonce, session->common.send_nonce, COMMON_NONCEBYTES); - gmac_nonce[session->gmac_cipher_info->iv_length-1] = 1; + gmac_nonce[gmac_iv_length-1] = 1; bool ok = session->gmac_cipher->crypt(ctx, session->gmac_cipher_state, outblocks, &ZERO_BLOCK, sizeof(fastd_block128_t), gmac_nonce); if (ok) { - uint8_t nonce[session->cipher_info->iv_length]; - if (session->cipher_info->iv_length) { - memset(nonce, 0, session->cipher_info->iv_length); + size_t iv_length = session->ctx->cipher_info->iv_length; + uint8_t nonce[iv_length]; + if (iv_length) { + memset(nonce, 0, iv_length); memcpy(nonce, session->common.send_nonce, COMMON_NONCEBYTES); - nonce[session->cipher_info->iv_length-1] = 1; + nonce[iv_length-1] = 1; } ok = session->cipher->crypt(ctx, session->cipher_state, outblocks+1, inblocks, n_blocks*sizeof(fastd_block128_t), nonce); @@ -271,16 +253,18 @@ static bool method_decrypt(fastd_context_t *ctx, fastd_peer_t *peer, fastd_metho if (!fastd_method_is_nonce_valid(ctx, &session->common, common_nonce, &age)) return false; - uint8_t gmac_nonce[session->gmac_cipher_info->iv_length]; - memset(gmac_nonce, 0, session->gmac_cipher_info->iv_length); + size_t gmac_iv_length = session->ctx->gmac_cipher_info->iv_length; + uint8_t gmac_nonce[gmac_iv_length]; + memset(gmac_nonce, 0, gmac_iv_length); memcpy(gmac_nonce, common_nonce, COMMON_NONCEBYTES); - gmac_nonce[session->gmac_cipher_info->iv_length-1] = 1; + gmac_nonce[gmac_iv_length-1] = 1; - uint8_t nonce[session->cipher_info->iv_length]; - if (session->cipher_info->iv_length) { - memset(nonce, 0, session->cipher_info->iv_length); + size_t iv_length = session->ctx->cipher_info->iv_length; + uint8_t nonce[iv_length]; + if (iv_length) { + memset(nonce, 0, iv_length); memcpy(nonce, common_nonce, COMMON_NONCEBYTES); - nonce[session->cipher_info->iv_length-1] = 1; + nonce[iv_length-1] = 1; } fastd_buffer_push_head(ctx, &in, COMMON_HEADBYTES); @@ -326,15 +310,17 @@ static bool method_decrypt(fastd_context_t *ctx, fastd_peer_t *peer, fastd_metho } const fastd_method_t fastd_method_composed_gmac = { - .provides = method_provides, - .max_overhead = COMMON_HEADBYTES + sizeof(fastd_block128_t), .min_encrypt_head_space = 0, .min_decrypt_head_space = 0, .min_encrypt_tail_space = sizeof(fastd_block128_t)-1, .min_decrypt_tail_space = 2*sizeof(fastd_block128_t)-1, + .create_by_name = method_create_by_name, + .destroy = method_destroy, + .key_length = method_key_length, + .session_init = method_session_init, .session_is_valid = method_session_is_valid, .session_is_initiator = method_session_is_initiator, diff --git a/src/methods/generic_gcm/generic_gcm.c b/src/methods/generic_gcm/generic_gcm.c index 52065eb..3490f8b 100644 --- a/src/methods/generic_gcm/generic_gcm.c +++ b/src/methods/generic_gcm/generic_gcm.c @@ -25,91 +25,82 @@ #include "../../crypto.h" +#include "../../method.h" #include "../common.h" +struct fastd_method_context { + const fastd_cipher_info_t *cipher_info; + const fastd_mac_info_t *ghash_info; +}; + struct fastd_method_session_state { fastd_method_common_t common; - const fastd_cipher_info_t *cipher_info; + const fastd_method_context_t *ctx; + const fastd_cipher_t *cipher; fastd_cipher_state_t *cipher_state; - const fastd_mac_info_t *ghash_info; const fastd_mac_t *ghash; fastd_mac_state_t *ghash_state; }; -static bool cipher_get(fastd_context_t *ctx, const char *name, const fastd_cipher_info_t **cipher_info, const fastd_cipher_t **cipher) { - if (!fastd_mac_info_get_by_name("ghash")) +static bool method_create_by_name(const char *name, fastd_method_context_t **method_ctx) { + fastd_method_context_t ctx; + + ctx.ghash_info = fastd_mac_info_get_by_name("ghash"); + if (!ctx.ghash_info) return false; size_t len = strlen(name); - if (len < 4) return false; if (strcmp(name+len-4, "-gcm")) return false; - char name_ctr[len+1]; - memcpy(name_ctr, name, len-3); - strncpy(name_ctr+len-3, "ctr", 4); + char cipher_name[len+1]; + memcpy(cipher_name, name, len-3); + strncpy(cipher_name+len-3, "ctr", 4); - const fastd_cipher_info_t *info = NULL; - - if (ctx) { - *cipher = fastd_cipher_get_by_name(ctx, name_ctr, &info); - if (!*cipher) - return false; - } - else { - info = fastd_cipher_info_get_by_name(name_ctr); - if (!info) - return false; - } + ctx.cipher_info = fastd_cipher_info_get_by_name(cipher_name); + if (!ctx.cipher_info) + return false; - if (info->iv_length <= COMMON_NONCEBYTES) + if (ctx.cipher_info->iv_length <= COMMON_NONCEBYTES) return false; - if (cipher_info) - *cipher_info = info; + *method_ctx = malloc(sizeof(fastd_method_context_t)); + **method_ctx = ctx; return true; } - -static bool method_provides(const char *name) { - return cipher_get(NULL, name, NULL, NULL); +static void method_destroy(fastd_method_context_t *method_ctx) { + free(method_ctx); } -static size_t method_key_length(fastd_context_t *ctx, const char *name) { - const fastd_cipher_info_t *cipher_info; - if (!cipher_get(NULL, name, &cipher_info, NULL)) - exit_bug(ctx, "generic-gcm: can't get cipher key length"); - - return cipher_info->key_length; +static size_t method_key_length(fastd_context_t *ctx UNUSED, const fastd_method_context_t *method_ctx) { + return method_ctx->cipher_info->key_length; } -static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx, const char *name, const uint8_t *secret, bool initiator) { +static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx, const fastd_method_context_t *method_ctx, const uint8_t *secret, bool initiator) { fastd_method_session_state_t *session = malloc(sizeof(fastd_method_session_state_t)); fastd_method_common_init(ctx, &session->common, initiator); + session->ctx = method_ctx; - if (!cipher_get(ctx, name, &session->cipher_info, &session->cipher)) - exit_bug(ctx, "generic-gcm: can't instanciate cipher"); - + session->cipher = fastd_cipher_get(ctx, session->ctx->cipher_info); session->cipher_state = session->cipher->init(ctx, secret); static const fastd_block128_t zeroblock = {}; fastd_block128_t H; - if (session->cipher_info->iv_length <= COMMON_NONCEBYTES) - exit_bug(ctx, "generic-gcm: iv_length to small"); - - uint8_t zeroiv[session->cipher_info->iv_length]; - memset(zeroiv, 0, session->cipher_info->iv_length); + size_t iv_length = session->ctx->cipher_info->iv_length; + uint8_t zeroiv[iv_length]; + memset(zeroiv, 0, iv_length); if (!session->cipher->crypt(ctx, session->cipher_state, &H, &zeroblock, sizeof(fastd_block128_t), zeroiv)) { session->cipher->free(ctx, session->cipher_state); @@ -117,20 +108,17 @@ static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx, c return NULL; } - session->ghash = fastd_mac_get_by_name(ctx, "ghash", &session->ghash_info); - if (!session->ghash) - exit_bug(ctx, "generic-gcm: can't instanciate ghash mac"); - + session->ghash = fastd_mac_get(ctx, session->ctx->ghash_info); session->ghash_state = session->ghash->init(ctx, H.b); return session; } -static fastd_method_session_state_t* method_session_init_compat(fastd_context_t *ctx, const char *name, const uint8_t *secret, size_t length, bool initiator) { +static fastd_method_session_state_t* method_session_init_compat(fastd_context_t *ctx, const fastd_method_context_t *method_ctx, const uint8_t *secret, size_t length, bool initiator) { if (length < sizeof(fastd_block128_t)) exit_bug(ctx, "generic-gcm: tried to init with short secret"); - return method_session_init(ctx, name, secret, initiator); + return method_session_init(ctx, method_ctx, secret, initiator); } static bool method_session_is_valid(fastd_context_t *ctx, fastd_method_session_state_t *session) { @@ -177,10 +165,11 @@ static bool method_encrypt(fastd_context_t *ctx, fastd_peer_t *peer UNUSED, fast if (tail_len) memset(in.data+in.len, 0, tail_len); - uint8_t nonce[session->cipher_info->iv_length]; - memset(nonce, 0, session->cipher_info->iv_length); + size_t iv_length = session->ctx->cipher_info->iv_length; + uint8_t nonce[iv_length]; + memset(nonce, 0, iv_length); memcpy(nonce, session->common.send_nonce, COMMON_NONCEBYTES); - nonce[session->cipher_info->iv_length-1] = 1; + nonce[iv_length-1] = 1; int n_blocks = block_count(in.len, sizeof(fastd_block128_t)); @@ -230,10 +219,11 @@ static bool method_decrypt(fastd_context_t *ctx, fastd_peer_t *peer, fastd_metho if (((const uint8_t*)in.data)[COMMON_NONCEBYTES]) /* flags */ return false; - uint8_t nonce[session->cipher_info->iv_length]; - memset(nonce, 0, session->cipher_info->iv_length); + size_t iv_length = session->ctx->cipher_info->iv_length; + uint8_t nonce[iv_length]; + memset(nonce, 0, iv_length); memcpy(nonce, in.data, COMMON_NONCEBYTES); - nonce[session->cipher_info->iv_length-1] = 1; + nonce[iv_length-1] = 1; int64_t age; if (!fastd_method_is_nonce_valid(ctx, &session->common, nonce, &age)) @@ -279,15 +269,17 @@ static bool method_decrypt(fastd_context_t *ctx, fastd_peer_t *peer, fastd_metho } const fastd_method_t fastd_method_generic_gcm = { - .provides = method_provides, - .max_overhead = COMMON_HEADBYTES + sizeof(fastd_block128_t), .min_encrypt_head_space = sizeof(fastd_block128_t), .min_decrypt_head_space = 0, .min_encrypt_tail_space = sizeof(fastd_block128_t)-1, .min_decrypt_tail_space = 2*sizeof(fastd_block128_t)-1, + .create_by_name = method_create_by_name, + .destroy = method_destroy, + .key_length = method_key_length, + .session_init = method_session_init, .session_init_compat = method_session_init_compat, .session_is_valid = method_session_is_valid, diff --git a/src/methods/generic_gmac/generic_gmac.c b/src/methods/generic_gmac/generic_gmac.c index 4de7ad8..91b96cb 100644 --- a/src/methods/generic_gmac/generic_gmac.c +++ b/src/methods/generic_gmac/generic_gmac.c @@ -25,28 +25,37 @@ #include "../../crypto.h" +#include "../../method.h" #include "../common.h" +struct fastd_method_context { + const fastd_cipher_info_t *cipher_info; + const fastd_mac_info_t *ghash_info; +}; + + struct fastd_method_session_state { fastd_method_common_t common; - const fastd_cipher_info_t *cipher_info; + const fastd_method_context_t *ctx; + const fastd_cipher_t *cipher; fastd_cipher_state_t *cipher_state; - const fastd_mac_info_t *ghash_info; const fastd_mac_t *ghash; fastd_mac_state_t *ghash_state; }; -static bool cipher_get(fastd_context_t *ctx, const char *name, const fastd_cipher_info_t **cipher_info, const fastd_cipher_t **cipher) { - if (!fastd_mac_info_get_by_name("ghash")) +static bool method_create_by_name(const char *name, fastd_method_context_t **method_ctx) { + fastd_method_context_t ctx; + + ctx.ghash_info = fastd_mac_info_get_by_name("ghash"); + if (!ctx.ghash_info) return false; size_t len = strlen(name); - if (len < 5) return false; @@ -60,70 +69,42 @@ static bool cipher_get(fastd_context_t *ctx, const char *name, const fastd_ciphe memcpy(cipher_name, name, len-5); cipher_name[len-5] = 0; - const fastd_cipher_info_t *info = NULL; - - if (ctx) { - *cipher = fastd_cipher_get_by_name(ctx, cipher_name, &info); - if (!*cipher) - return false; - } - else { - info = fastd_cipher_info_get_by_name(cipher_name); - if (!info) - return false; - } + ctx.cipher_info = fastd_cipher_info_get_by_name(cipher_name); + if (!ctx.cipher_info) + return false; - if (info->iv_length <= COMMON_NONCEBYTES) + if (ctx.cipher_info->iv_length <= COMMON_NONCEBYTES) return false; - if (cipher_info) - *cipher_info = info; + *method_ctx = malloc(sizeof(fastd_method_context_t)); + **method_ctx = ctx; return true; } - -static bool method_provides(const char *name) { - return cipher_get(NULL, name, NULL, NULL); +static void method_destroy(fastd_method_context_t *method_ctx) { + free(method_ctx); } -static size_t method_key_length(fastd_context_t *ctx, const char *name) { - const fastd_cipher_info_t *cipher_info; - if (!cipher_get(NULL, name, &cipher_info, NULL)) - exit_bug(ctx, "generic-gmac: can't get cipher key length"); - - return cipher_info->key_length + sizeof(fastd_block128_t); +static size_t method_key_length(fastd_context_t *ctx UNUSED, const fastd_method_context_t *method_ctx) { + return method_ctx->cipher_info->key_length + method_ctx->ghash_info->key_length; } -static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx, const char *name, const uint8_t *secret, bool initiator) { +static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx, const fastd_method_context_t *method_ctx, const uint8_t *secret, bool initiator) { fastd_method_session_state_t *session = malloc(sizeof(fastd_method_session_state_t)); fastd_method_common_init(ctx, &session->common, initiator); + session->ctx = method_ctx; - if (!cipher_get(ctx, name, &session->cipher_info, &session->cipher)) - exit_bug(ctx, "generic-gmac: can't instanciate cipher"); - + session->cipher = fastd_cipher_get(ctx, session->ctx->cipher_info); session->cipher_state = session->cipher->init(ctx, secret); - if (session->cipher_info->iv_length <= COMMON_NONCEBYTES) - exit_bug(ctx, "generic-gmac: iv_length to small"); - - session->ghash = fastd_mac_get_by_name(ctx, "ghash", &session->ghash_info); - if (!session->ghash) - exit_bug(ctx, "generic-gmac: can't instanciate ghash mac"); - - session->ghash_state = session->ghash->init(ctx, secret + session->cipher_info->key_length); + session->ghash = fastd_mac_get(ctx, session->ctx->ghash_info); + session->ghash_state = session->ghash->init(ctx, secret + session->ctx->cipher_info->key_length); return session; } -static fastd_method_session_state_t* method_session_init_compat(fastd_context_t *ctx, const char *name, const uint8_t *secret, size_t length, bool initiator) { - if (length < sizeof(fastd_block128_t)) - exit_bug(ctx, "generic-gmac: tried to init with short secret"); - - return method_session_init(ctx, name, secret, initiator); -} - static bool method_session_is_valid(fastd_context_t *ctx, fastd_method_session_state_t *session) { return (session && fastd_method_session_common_is_valid(ctx, &session->common)); } @@ -168,10 +149,11 @@ static bool method_encrypt(fastd_context_t *ctx, fastd_peer_t *peer UNUSED, fast if (tail_len) memset(in.data+in.len, 0, tail_len); - uint8_t nonce[session->cipher_info->iv_length]; - memset(nonce, 0, session->cipher_info->iv_length); + size_t iv_length = session->ctx->cipher_info->iv_length; + uint8_t nonce[iv_length]; + memset(nonce, 0, iv_length); memcpy(nonce, session->common.send_nonce, COMMON_NONCEBYTES); - nonce[session->cipher_info->iv_length-1] = 1; + nonce[iv_length-1] = 1; int n_blocks = block_count(in.len, sizeof(fastd_block128_t)); @@ -221,10 +203,12 @@ static bool method_decrypt(fastd_context_t *ctx, fastd_peer_t *peer, fastd_metho if (((const uint8_t*)in.data)[COMMON_NONCEBYTES]) /* flags */ return false; - uint8_t nonce[session->cipher_info->iv_length]; - memset(nonce, 0, session->cipher_info->iv_length); + + size_t iv_length = session->ctx->cipher_info->iv_length; + uint8_t nonce[iv_length]; + memset(nonce, 0, iv_length); memcpy(nonce, in.data, COMMON_NONCEBYTES); - nonce[session->cipher_info->iv_length-1] = 1; + nonce[iv_length-1] = 1; int64_t age; if (!fastd_method_is_nonce_valid(ctx, &session->common, nonce, &age)) @@ -270,17 +254,18 @@ static bool method_decrypt(fastd_context_t *ctx, fastd_peer_t *peer, fastd_metho } const fastd_method_t fastd_method_generic_gmac = { - .provides = method_provides, - .max_overhead = COMMON_HEADBYTES + sizeof(fastd_block128_t), .min_encrypt_head_space = sizeof(fastd_block128_t), .min_decrypt_head_space = 0, .min_encrypt_tail_space = sizeof(fastd_block128_t)-1, .min_decrypt_tail_space = 2*sizeof(fastd_block128_t)-1, + .create_by_name = method_create_by_name, + .destroy = method_destroy, + .key_length = method_key_length, + .session_init = method_session_init, - .session_init_compat = method_session_init_compat, .session_is_valid = method_session_is_valid, .session_is_initiator = method_session_is_initiator, .session_want_refresh = method_session_want_refresh, diff --git a/src/methods/generic_poly1305/generic_poly1305.c b/src/methods/generic_poly1305/generic_poly1305.c index c40e70f..f84046e 100644 --- a/src/methods/generic_poly1305/generic_poly1305.c +++ b/src/methods/generic_poly1305/generic_poly1305.c @@ -25,6 +25,7 @@ #include "../../crypto.h" +#include "../../method.h" #include "../common.h" #include <crypto_onetimeauth_poly1305.h> @@ -33,18 +34,23 @@ #define AUTHBLOCKS 2 +struct fastd_method_context { + const fastd_cipher_info_t *cipher_info; +}; + struct fastd_method_session_state { fastd_method_common_t common; - const fastd_cipher_info_t *cipher_info; + const fastd_method_context_t *ctx; const fastd_cipher_t *cipher; fastd_cipher_state_t *cipher_state; }; -static bool cipher_get(fastd_context_t *ctx, const char *name, const fastd_cipher_info_t **cipher_info, const fastd_cipher_t **cipher) { - size_t len = strlen(name); +static bool method_create_by_name(const char *name, fastd_method_context_t **method_ctx) { + fastd_method_context_t ctx; + size_t len = strlen(name); if (len < 9) return false; @@ -55,54 +61,35 @@ static bool cipher_get(fastd_context_t *ctx, const char *name, const fastd_ciphe memcpy(cipher_name, name, len-9); cipher_name[len-9] = 0; - const fastd_cipher_info_t *info = NULL; - - if (ctx) { - *cipher = fastd_cipher_get_by_name(ctx, cipher_name, &info); - if (!*cipher) - return false; - } - else { - info = fastd_cipher_info_get_by_name(cipher_name); - if (!info) - return false; - } + ctx.cipher_info = fastd_cipher_info_get_by_name(cipher_name); + if (!ctx.cipher_info) + return false; - if (info->iv_length <= COMMON_NONCEBYTES) + if (ctx.cipher_info->iv_length <= COMMON_NONCEBYTES) return false; - if (cipher_info) - *cipher_info = info; + *method_ctx = malloc(sizeof(fastd_method_context_t)); + **method_ctx = ctx; return true; } - -static bool method_provides(const char *name) { - return cipher_get(NULL, name, NULL, NULL); +static void method_destroy(fastd_method_context_t *method_ctx) { + free(method_ctx); } -static size_t method_key_length(fastd_context_t *ctx, const char *name) { - const fastd_cipher_info_t *cipher_info; - if (!cipher_get(NULL, name, &cipher_info, NULL)) - exit_bug(ctx, "generic-poly1305: can't get cipher key length"); - - return cipher_info->key_length; +static size_t method_key_length(fastd_context_t *ctx UNUSED, const fastd_method_context_t *method_ctx) { + return method_ctx->cipher_info->key_length; } -static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx, const char *name, const uint8_t *secret, bool initiator) { +static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx, const fastd_method_context_t *method_ctx, const uint8_t *secret, bool initiator) { fastd_method_session_state_t *session = malloc(sizeof(fastd_method_session_state_t)); fastd_method_common_init(ctx, &session->common, initiator); - - if (!cipher_get(ctx, name, &session->cipher_info, &session->cipher)) - exit_bug(ctx, "generic-poly1305: can't instanciate cipher"); - + session->ctx = method_ctx; + session->cipher = fastd_cipher_get(ctx, session->ctx->cipher_info); session->cipher_state = session->cipher->init(ctx, secret); - if (session->cipher_info->iv_length <= COMMON_NONCEBYTES) - exit_bug(ctx, "generic-poly1305: iv_length to small"); - return session; } @@ -139,10 +126,11 @@ static bool method_encrypt(fastd_context_t *ctx, fastd_peer_t *peer UNUSED, fast if (tail_len) memset(in.data+in.len, 0, tail_len); - uint8_t nonce[session->cipher_info->iv_length]; - memset(nonce, 0, session->cipher_info->iv_length); + size_t iv_length = session->ctx->cipher_info->iv_length; + uint8_t nonce[iv_length]; + memset(nonce, 0, iv_length); memcpy(nonce, session->common.send_nonce, COMMON_NONCEBYTES); - nonce[session->cipher_info->iv_length-1] = 1; + nonce[iv_length-1] = 1; int n_blocks = block_count(in.len, sizeof(fastd_block128_t)); @@ -186,10 +174,11 @@ static bool method_decrypt(fastd_context_t *ctx, fastd_peer_t *peer, fastd_metho if (((const uint8_t*)in.data)[COMMON_NONCEBYTES]) /* flags */ return false; - uint8_t nonce[session->cipher_info->iv_length]; - memset(nonce, 0, session->cipher_info->iv_length); + size_t iv_length = session->ctx->cipher_info->iv_length; + uint8_t nonce[iv_length]; + memset(nonce, 0, iv_length); memcpy(nonce, in.data, COMMON_NONCEBYTES); - nonce[session->cipher_info->iv_length-1] = 1; + nonce[iv_length-1] = 1; int64_t age; if (!fastd_method_is_nonce_valid(ctx, &session->common, nonce, &age)) @@ -245,15 +234,17 @@ static bool method_decrypt(fastd_context_t *ctx, fastd_peer_t *peer, fastd_metho } const fastd_method_t fastd_method_generic_poly1305 = { - .provides = method_provides, - .max_overhead = COMMON_HEADBYTES + crypto_onetimeauth_poly1305_BYTES, .min_encrypt_head_space = AUTHBLOCKS*sizeof(fastd_block128_t), .min_decrypt_head_space = AUTHBLOCKS*sizeof(fastd_block128_t) - crypto_onetimeauth_poly1305_BYTES, .min_encrypt_tail_space = sizeof(fastd_block128_t)-1, .min_decrypt_tail_space = sizeof(fastd_block128_t)-1, + .create_by_name = method_create_by_name, + .destroy = method_destroy, + .key_length = method_key_length, + .session_init = method_session_init, .session_is_valid = method_session_is_valid, .session_is_initiator = method_session_is_initiator, diff --git a/src/methods/methods.c.in b/src/methods/methods.c.in index 2a8d9fb..a2c7963 100644 --- a/src/methods/methods.c.in +++ b/src/methods/methods.c.in @@ -24,7 +24,7 @@ */ -#include <src/fastd.h> +#include <src/method.h> @METHOD_DEFINITIONS@ @@ -33,12 +33,14 @@ static const fastd_method_t *const methods[] = { @METHOD_LIST@ }; -const fastd_method_t* fastd_method_get_by_name(const char *name) { +bool fastd_method_create_by_name(const char *name, const fastd_method_t **method, fastd_method_context_t **method_ctx) { size_t i; for (i = 0; i < array_size(methods); i++) { - if (methods[i]->provides(name)) - return methods[i]; + if (methods[i]->create_by_name(name, method_ctx)) { + *method = methods[i]; + return true; + } } - return NULL; + return false; } diff --git a/src/methods/null/null.c b/src/methods/null/null.c index 3f23866..f4784c8 100644 --- a/src/methods/null/null.c +++ b/src/methods/null/null.c @@ -24,7 +24,7 @@ */ -#include "../../fastd.h" +#include "../../method.h" struct fastd_method_session_state { @@ -33,15 +33,18 @@ struct fastd_method_session_state { }; -static bool method_provides(const char *name) { +static bool method_create_by_name(const char *name, fastd_method_context_t **method_ctx UNUSED) { return !strcmp(name, "null"); } -static size_t method_key_length(fastd_context_t *ctx UNUSED, const char *name UNUSED) { +static void method_destroy(fastd_method_context_t *method_ctx UNUSED) { +} + +static size_t method_key_length(fastd_context_t *ctx UNUSED, const fastd_method_context_t *method_ctx UNUSED) { return 0; } -static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx UNUSED, const char *name UNUSED, const uint8_t *secret UNUSED, bool initiator) { +static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx UNUSED, const fastd_method_context_t *method_ctx UNUSED, const uint8_t *secret UNUSED, bool initiator) { fastd_method_session_state_t *session = malloc(sizeof(fastd_method_session_state_t)); session->valid = true; @@ -50,8 +53,8 @@ static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx UN return session; } -static fastd_method_session_state_t* method_session_init_compat(fastd_context_t *ctx, const char *name, const uint8_t *secret, size_t length UNUSED, bool initiator) { - return method_session_init(ctx, name, secret, initiator); +static fastd_method_session_state_t* method_session_init_compat(fastd_context_t *ctx, const fastd_method_context_t *method_ctx, const uint8_t *secret, size_t length UNUSED, bool initiator) { + return method_session_init(ctx, method_ctx, secret, initiator); } static bool method_session_is_valid(fastd_context_t *ctx UNUSED, fastd_method_session_state_t *session) { @@ -80,15 +83,17 @@ static bool method_passthrough(fastd_context_t *ctx UNUSED, fastd_peer_t *peer U } const fastd_method_t fastd_method_null = { - .provides = method_provides, - .max_overhead = 0, .min_encrypt_head_space = 0, .min_decrypt_head_space = 0, .min_encrypt_tail_space = 0, .min_decrypt_tail_space = 0, + .create_by_name = method_create_by_name, + .destroy = method_destroy, + .key_length = method_key_length, + .session_init = method_session_init, .session_init_compat = method_session_init_compat, .session_is_valid = method_session_is_valid, diff --git a/src/methods/xsalsa20_poly1305/xsalsa20_poly1305.c b/src/methods/xsalsa20_poly1305/xsalsa20_poly1305.c index c6e22fb..88a0525 100644 --- a/src/methods/xsalsa20_poly1305/xsalsa20_poly1305.c +++ b/src/methods/xsalsa20_poly1305/xsalsa20_poly1305.c @@ -24,7 +24,7 @@ */ -#include "../../fastd.h" +#include "../../method.h" #include "../common.h" #include <crypto_secretbox_xsalsa20poly1305.h> @@ -37,15 +37,18 @@ struct fastd_method_session_state { }; -static bool method_provides(const char *name) { +static bool method_create_by_name(const char *name, fastd_method_context_t **method_ctx UNUSED) { return !strcmp(name, "xsalsa20-poly1305"); } -static size_t method_key_length(fastd_context_t *ctx UNUSED, const char *name UNUSED) { +static void method_destroy(fastd_method_context_t *method_ctx UNUSED) { +} + +static size_t method_key_length(fastd_context_t *ctx UNUSED, const fastd_method_context_t *method_ctx UNUSED) { return crypto_secretbox_xsalsa20poly1305_KEYBYTES; } -static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx, const char *name UNUSED, const uint8_t *secret, bool initiator) { +static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx, const fastd_method_context_t *method_ctx UNUSED, const uint8_t *secret, bool initiator) { fastd_method_session_state_t *session = malloc(sizeof(fastd_method_session_state_t)); fastd_method_common_init(ctx, &session->common, initiator); @@ -55,11 +58,11 @@ static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx, c return session; } -static fastd_method_session_state_t* method_session_init_compat(fastd_context_t *ctx, const char *name, const uint8_t *secret, size_t length, bool initiator) { +static fastd_method_session_state_t* method_session_init_compat(fastd_context_t *ctx, const fastd_method_context_t *method_ctx, const uint8_t *secret, size_t length, bool initiator) { if (length < crypto_secretbox_xsalsa20poly1305_KEYBYTES) exit_bug(ctx, "xsalsa20-poly1305: tried to init with short secret"); - return method_session_init(ctx, name, secret, initiator); + return method_session_init(ctx, method_ctx, secret, initiator); } static bool method_session_is_valid(fastd_context_t *ctx, fastd_method_session_state_t *session) { @@ -153,7 +156,6 @@ static bool method_decrypt(fastd_context_t *ctx, fastd_peer_t *peer, fastd_metho } const fastd_method_t fastd_method_xsalsa20_poly1305 = { - .provides = method_provides, .max_overhead = COMMON_HEADBYTES + crypto_secretbox_xsalsa20poly1305_ZEROBYTES - crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES, .min_encrypt_head_space = crypto_secretbox_xsalsa20poly1305_ZEROBYTES, @@ -161,7 +163,11 @@ const fastd_method_t fastd_method_xsalsa20_poly1305 = { .min_encrypt_tail_space = 0, .min_decrypt_tail_space = 0, + .create_by_name = method_create_by_name, + .destroy = method_destroy, + .key_length = method_key_length, + .session_init = method_session_init, .session_init_compat = method_session_init_compat, .session_is_valid = method_session_is_valid, |